Skip to content

quavacious/audit-checklist

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

28 Commits
 
 
 
 
 
 
 
 

Repository files navigation

Solodit's Aggregated Smart Contract Audit Checklist

The checklist is hosted at Solodit

Introduction

In "The Checklist Manifesto. How to Get Things Right", Atul Gawande emphasizes the increasing prevalence of errors arising from oversight in complex tasks, advocating for the adoption of checklists as a solution, as demonstrated by their transformative impact on surgical outcomes.

In the ever-evolving landscape of blockchain and smart contract technologies, ensuring the security of deployed smart contracts has become paramount. In many instances, vulnerabilities are overlooked, not due to negligence, but due to the lack of a systematic approach in the review process.

Solodit aims to address this by introducing a comprehensive aggregation of various checklists used in smart contract audits. Derived from a myriad of sources and previously conducted audit reports, this checklist is intended to be a living document, constantly enriched and improved upon by the community.

Why Solodit's Checklist?

  1. Comprehensive Coverage: By aggregating checklists from numerous auditors and audit reports, Solodit ensures a holistic approach to smart contract auditing.
  2. Community-Driven: This checklist is open for the community to contribute and refine, ensuring that it is always up-to-date with the latest vulnerabilities and best practices.
  3. Building Automatic Analyzers: With a structured approach, this checklist can also pave the way for developing automatic analyzers in the future, elevating the audit process's efficiency and accuracy.

Goals

  • Standardize the Audit Process: By having a standard checklist, auditors can ensure they don't overlook any critical aspect of the smart contract.
  • Promote Collaboration: Encourage auditors, developers, and blockchain enthusiasts to contribute, ensuring a rich and comprehensive checklist.
  • Advance Security Maturity: As the blockchain ecosystem matures, it's paramount that the security protocols around it mature as well. This checklist is a step in that direction.

Usage

We show the checklist on Solodit's website in a user-friendly format and allow you to check off items as you go through the audit process.

However, you can also view the checklist in a raw JSON format here.

The checklist is divided into multiple categories, each containing a list of items to check for. Each item consists of an ID, an imperative statement, a question, a description, a remediation, and a list of references.

  • ID: A unique identifier for the check item.
  • Question: A question that can be used to help the auditor in the review process.
  • Description: A detailed description of the item.
  • Remediation: A list of steps to take to remediate the item.
  • References: A list of references to learn more about the item.

Contribution

We welcome contributions from the community. Issues and pull requests are encouraged. Contributions can be made from the Solodit website in a more user-friendly format as well. Please check out our contribution guidelines for more details.

Acknowledgements

The checklist is heavily inspired by the following resources:


Powered by Cyfrin - We value every effort to level up the Web3 security

About

Aggregated audit checklist

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published